A Latest Report by the Digital Citizens Alliance published a few days ago revealed that the millions of .edu email addresses of students, faculty, and staffs across the country are the sale on Dark Web. This is one of the Security challenge facing the U.S Universities with most the college credentials are currently being sold on the darker side of the web.
Researchers from the Digital Citizens Alliance worked with two companies that specialize in deep dives into the Dark Web.
This report looked at the availability of credentials from the largest 300 Higher Education Institutions (or HEIs) in the United States. The Report Added.
A total of 13,930,176 e-mail addresses and passwords belonging to faculty, staff, students, and alumni at U.S. HEIs available to cyber criminals on Dark Web sites. 79 percent of the 14 million credentials were discovered by ID Agent researchers over the last year. The numbers
are staggering and rising quickly. More than 10,984,000 credentials with login IDs that had the .edu suffix (presumably from the HEI community)
have been discovered within the last 12 months.
They also share the benefits to buying or creating .edus, which include being able to buy software and other products reserved for members of the university community.
Top Ten Higher Education Institutions with the Most Credentials on the Dark Web
|INSTITUTION||NUMBER OF E-MAIL ACCOUNTS
ON DARK WEB (MARCH 2017)
|University of Michigan-Ann Arbor||122,556|
|Pennsylvania State University-Main Campus||119,350|
|University of Minnesota-Twin Cities||117,604|
|Michigan State University||115,973|
|OhioState University-Main Campus||114,032|
|The university of Illinois at Urbana-Champaign||99,375|
|University of Florida||87,310|
|Virginia Polytechnic Institute and State University||82,359|
Some of the extremist organizations were passing out credentials and some did it for free. But few have stolen credit card information and Social security numbers of these email accounts and currently, they are also being sold on the dark web.
These email ids can be used to run a phishing scam which might be more likely to generate trust than a random email from a Gmail or Yahoo account.
The Author of the report added,”We’ve shared this publicly so everyone—the schools, the faculty, the staff, and the students—can all take extra measures to protect themselves”.